Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell scripts do not properly sanitize their input before processing it.

Impact
======

A remote attacker could entice a user to open a specially crafted link with a vulnerable application using Xdg-Utils (e.g. an email client), resulting in the execution of arbitrary code with the privileges of the user running the application.

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200801-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.